--- x/fs/9p/v9fs.c
+++ y/fs/9p/v9fs.c
@@ -302,6 +302,8 @@ int v9fs_parse_param(struct fs_context *
 p9_debug(P9_DEBUG_ERROR, "msize should be at least 4k\n");
 return -EINVAL;
 }
+ if (result.uint_32 < P9_IOHDRSZ)
+ return -EINVAL;
 clnt->msize = result.uint_32;
 break;
 case Opt_trans:
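Review bot: The added `if (result.uint_32 < P9_IOHDRSZ)` guard looks unreachable where it sits: the branch just above it, judging by its "msize should be at least 4k" message (its condition is outside the hunk), has already rejected anything under 4096, and P9_IOHDRSZ is, as far as I know, much smaller than that. If the check is kept as defence in depth, it should say so in a comment and log like its neighbour, e.g. `p9_debug(P9_DEBUG_ERROR, "msize smaller than 9p I/O header\n");` ahead of the `return -EINVAL;` with the branch braced, otherwise a rejected mount gives no hint why. The underflow this presumably guards against (code that subtracts P9_IOHDRSZ from msize) may also be reachable through the msize a server returns during version negotiation, which mount-option parsing does not cover; it is worth confirming that path enforces the same floor. v9fs_parse_param starts and ends outside this hunk.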